Create AuthTokenCreator and AuthTokenDecryptor classes

2025-06-11 15:14:47 +02:00 · 2018-07-20 15:21:10 +03:00 · 2018-07-20 15:21:10 +03:00 · dc8230dcc2
commit dc8230dcc2
parent dad57ba528
8 changed files with 221 additions and 33 deletions
--- a/lib/auth_token/auth_token_creator.rb
+++ b/lib/auth_token/auth_token_creator.rb
@ -0,0 +1,41 @@
+class AuthTokenCreator
+  DEFAULT_VALIDITY = 2.hours
+
+  attr_reader :user
+  attr_reader :key
+  attr_reader :expires_at
+
+  def self.create_with_defaults(user)
+    self.new(user, Rails.application.config.secret_key_base, Time.now + DEFAULT_VALIDITY)
+  end
+
+  def initialize(user, key, expires_at)
+    @user = user
+    @key = key
+    @expires_at = expires_at.utc.strftime("%F %T %Z")
+  end
+
+  def hashable
+    {
+      user_ident: user.registrant_ident,
+      user_username: user.username,
+      expires_at: expires_at
+    }.to_json
+  end
+
+  def encrypted_token
+    encryptor = OpenSSL::Cipher::AES.new(256, :CBC)
+    encryptor.encrypt
+    encryptor.key = key
+    encrypted_bytes = encryptor.update(hashable) + encryptor.final
+    Base64.encode64(encrypted_bytes)
+  end
+
+  def token_in_hash
+    {
+      access_token: encrypted_token,
+      expires_at: expires_at,
+      type: 'Bearer'
+    }
+  end
+end
--- a/lib/auth_token/auth_token_decryptor.rb
+++ b/lib/auth_token/auth_token_decryptor.rb
@ -0,0 +1,43 @@
+class AuthTokenDecryptor
+  attr_reader :decrypted_data
+  attr_reader :token
+  attr_reader :key
+  attr_reader :user
+
+  def self.create_with_defaults(token)
+    self.new(token, Rails.application.config.secret_key_base)
+  end
+
+  def initialize(token, key)
+    @token = token
+    @key = key
+  end
+
+  def decrypt_token
+    decipher = OpenSSL::Cipher::AES.new(256, :CBC)
+    decipher.decrypt
+    decipher.key = key
+
+    base64_decoded = Base64.decode64(token)
+    plain = decipher.update(base64_decoded) + decipher.final
+
+    @decrypted_data = JSON.parse(plain, symbolize_names: true)
+  rescue OpenSSL::Cipher::CipherError
+    false
+  end
+
+  def valid?
+    decrypted_data && valid_user? && still_valid?
+  end
+
+  private
+
+  def valid_user?
+    @user = RegistrantUser.find_by(registrant_ident: decrypted_data[:user_ident])
+    @user&.username == decrypted_data[:user_username]
+  end
+
+  def still_valid?
+    decrypted_data[:expires_at] > Time.now
+  end
+end